fix: resolve multiple bugs found during comprehensive code review #23
Merged
SimplicityGuy merged 17 commits into main from Apr 4, 2026
- Fix shared-settings merge order so per-job values override shared defaults
- Fix parse_schedule failure silently producing broken crontab entries
- Fix broken shebang (#\!) in generated job scripts
- Add null command guard in make_image_cmd (parity with make_container_cmd)
- Add temp file cleanup trap on error during script generation
- Clean up intermediate crontab file after copying to crontabs directory
- Downgrade actions/checkout@v6 to @v4 (v6 does not exist)
- Downgrade docker/metadata-action@v6 to @v5 (v6 does not exist)
- Remove -d flag from sample dockerargs (defeats error propagation)
- Rename "null" key to "logrotate" in mapping config samples
- Replace @every examples with valid cron syntax in README
- Fix stale GitLab registry path in README Dockerfile example
- Remove invalid --it flag from README dockerargs example
- Add depends_on to docker-compose.yml to prevent race condition
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The previous commit incorrectly downgraded actions/checkout@v6 and docker/metadata-action@v6 — these versions exist and were correct.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
These are valid Docker flags (-d for detached, --it for interactive terminal) that were incorrectly removed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…elds
- Update README badges to centered div style with Build, License, pre-commit, Docker, Shell, Alpine, and Claude Code badges
- Fix grammar: "to all" → "to allow", "probably has" → "probably have", "run on in" → "run in", "images name" → "image name"
- Document undocumented config fields: environment, expose, networks, ports, volumes
- Document all supported schedule shortcuts: @yearly/@annually, @monthly, @weekly, @daily/@midnight, @hourly, @random
- Remove stale @every reference from CLAUDE.md
- Add owner field to cleanup-images workflow (matches discogsography)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add touch before cat to prevent crash when no valid jobs exist (all jobs skipped due to missing schedule/command/unsupported syntax)
- Fix missing closing quote in 'schedule missing' error message
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mapping config keys like 'map a volume' are injected as the job name by normalize_config. Without quoting, --name map a volume produces a broken docker command. Now generates --name "map a volume".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add name=dind-alpine filter to Docker Hub API query in update-project.sh so dind-alpine tags appear in results (previously, page_size=100 without filtering missed them)
- Remove unused skip_next variable and associated dead code from start_app in entrypoint.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update all sample configs, docker-compose.yml, and README to reference alpine:3.23 which matches the Dockerfile base image.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add per-platform SHA256 checksums for rq v1.0.2 binaries and verify the download integrity with sha256sum before extraction. This prevents supply chain attacks via compromised releases or MITM. Also add SHELL pipefail directive to builder stage to satisfy hadolint.
Closes #17
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
rq (last release: 2019) has been replaced with yq (mikefarah/yq), an actively maintained tool available from Alpine repos.
Changes:
- Remove entire Dockerfile builder stage (rq download, upx, checksums)
- Remove gcompat from release stage (only needed for rq glibc binaries)
- Add yq-go to Alpine packages
- Update entrypoint.sh to use yq for YAML and TOML conversion
- Remove rq version update logic from update-project.sh
- Update CLAUDE.md references
This also fixes the arm64/arm glibc-on-musl issue since yq is a native Alpine package built for all supported architectures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
BusyBox crond swallows pipe output (tries to mail it), so the previous 2>&1 | cat approach silently lost all job output. Now redirects to /proc/1/fd/1 and /proc/1/fd/2 (PID 1's stdout/stderr) which is what docker logs reads. Also adds timestamps to job start/end log messages for observability.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace raw crontab dump with a clean table showing schedule, job name, and onstart flag. Also route onstart job output to /proc/1/fd/1 for docker logs visibility, and clean up status messages.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix update-project.yml: remove builder image grep (builder stage no longer exists), only check docker dind base image
- Fix update-project.sh: remove Alpine FROM grep and stale Alpine tag lookup (no standalone Alpine stage anymore)
- Fix CLAUDE.md: "multi-stage" → "single-stage", add all platforms
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Eliminates duplicate logic between the CI workflow and local script. The workflow now runs the script with --no-backup --skip-tests, checks for git changes, then handles PR creation and Discord notification.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Comprehensive bug fixes, dependency modernization, security improvements, logging improvements, and documentation updates.
Dependency Replacement
- rq with yq — rq (last release 2019) replaced with actively maintained yq (mikefarah/yq) from Alpine repos. Removes entire Dockerfile builder stage, eliminates glibc-on-musl arm64/arm issue, removes gcompat and upx dependencies. Closes security: rq binary downloaded without checksum verification #17.
Logging Improvements
- docker logs — Replaced broken 2>&1 | cat with /proc/1/fd/1 redirect (BusyBox crond swallows pipe output)
Code Fixes (entrypoint.sh)
- $shared was overriding per-job values instead of acting as defaults
- echo "#\!/usr/bin/env bash" wrote a literal backslash
- parse_schedule failure silently produced broken crontab entries — @every now properly rejected (related: security: cron schedule strings are written to crontab without format validation #18)
- make_image_cmd
- --name args
- skip_next variable
Infrastructure Improvements
- update-project.yml now uses update-project.sh — Eliminated duplicate update logic between CI workflow and local script
- update-project.sh Docker Hub API — Added &name=dind-alpine filter so dind-alpine tags are found within page limits
- update-project.yml/.sh for single-stage Dockerfile — Removed stale builder image references after rq removal
- owner field to cleanup-images workflow
Documentation Fixes
- environment, expose, networks, ports, volumes
- @every examples with valid cron syntax
- --it → -it in README
Config Fixes
- "null" key to "logrotate" in mapping config samples
- depends_on to docker-compose.yml
Issues Addressed
- @every now properly rejected)
Test plan
- #!/usr/bin/env bash shebang~~
- shared-settings to confirm per-job overrides work
- @every schedule to confirm it's properly skipped with error message
- --name quoting
- docker logs shows timestamped job output and startup table
- docker-compose up and confirm crontab starts after myapp
🤖 Generated with Claude Code
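The schedule validation referenced for #18 and the `--name` quoting fix, sketched as an added example (not the project's entrypoint.sh; all function names and sample jobs are hypothetical). It assumes numeric five-field cron expressions plus the shortcuts listed above, and goes one step past the PR's double-quoting by single-quote escaping the name so embedded quotes also stay inside one argument.

```shell
#!/bin/sh
# Added example, not the project's entrypoint.sh. Function names are hypothetical.

NL='
'

# Return 0 only for a single-line schedule that is either a shortcut the PR
# lists as supported or five numeric cron fields (digits, * / , -).
validate_schedule() {
  case $1 in
    *"$NL"*) return 1 ;;   # an embedded newline would add a second crontab line
    @yearly|@annually|@monthly|@weekly|@daily|@midnight|@hourly|@random) return 0 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9*/,-]+( [0-9*/,-]+){4}$'
}

# Wrap a value in single quotes for a generated script, escaping embedded quotes.
sh_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the --name argument so a key like "map a volume" stays one argument.
name_arg() {
  printf '%s %s' --name "$(sh_quote "$1")"
}

# Emit one crontab line, or skip the job with an error on stderr.
cron_line() {   # usage: cron_line SCHEDULE JOB_NAME SCRIPT_PATH
  if ! validate_schedule "$1"; then
    echo "skipping job '$2': unsupported schedule" >&2
    return 1
  fi
  printf '%s %s\n' "$1" "$3"
}

# Constructed sample jobs (schedule|name|script); paths are placeholders.
while IFS='|' read -r sched name script; do
  if cron_line "$sched" "$name" "$script"; then
    name_arg "$name"; echo
  fi
done <<'EOF'
*/5 * * * *|backup|/opt/example/jobs/backup.sh
@every 2m|legacy|/opt/example/jobs/legacy.sh
@daily|map a volume|/opt/example/jobs/map-a-volume.sh
EOF
```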